brain-sync

Fail

Audited by Socket on Mar 9, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The brain-sync skill presents a coherent, user-driven workflow to back up and restore ~/.brain data via Git/GitHub. The data flow is from local data to a remote repository, with an optional GitHub CLI path for convenience. This is appropriate for legitimate backup/restore use but introduces clear data exfiltration implications if the destination repository is public or credentials are mishandled. The required capabilities (read/write to ~/.brain, invoke git, optionally use gh) are proportionate to the task, and there is no evident malicious payload. Security risk is moderate due to exposure to a remote repository and potential data leakage depending on repository privacy and user credentials. Recommend ensuring repository privacy (private default), informing users about data sensitivity, and clarifying credential handling and per-action user consent. Overall verdict: Suspicious to moderate risk depending on user configuration; not malicious, but data flow to GitHub warrants user awareness and access control.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 9, 2026, 10:08 AM
Package URL: pkg:socket/skills-sh/ohgyun%2Fbrain%2Fbrain-sync%2F@1f146340447e16a601fcde24610fd1e315c46f8b